PHP :: Bug #46468 :: System Crash when running test script ext/openssl/tests/004.php

Bug #46468	System Crash when running test script ext/openssl/tests/004.php
Submitted:	2008-11-03 01:19 UTC	Modified:	2008-11-30 22:39 UTC
From:	hostmaster at uuism dot net	Assigned:	pajoye (profile)
Status:	Not a bug	Package:	OpenSSL related
PHP Version:	5.2CVS-2008-11-03 (snap)	OS:	Fedora Core 4
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	hostmaster at uuism dot net
New email:
PHP Version:		OS:

New Comment:

[2008-11-03 01:19 UTC] hostmaster at uuism dot net

Description:
------------
When I run test script  ext/openssl/tests/004.php, I get a Core Dump when it executes this part of the code:

//this leaks
$a = array(1,2);
$b = array(1,2);
var_dump(openssl_csr_new($a, $b));

Here is a back-trace from gdb:

#0  0x004c48a5 in memcpy () from /lib/libc.so.6
#1  0x083ebdcd in ASN1_STRING_set ()
#2  0x0057dff4 in ?? () from /lib/libc.so.6
#3  0x0057f880 in ?? () from /lib/libc.so.6
#4  0x00000000 in ?? ()

I ran configure with this string:

./configure  --build=i386-redhat-linux --host=i386-redhat-linux --target=i386-redhat-linux-gnu --program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/usr/com --mandir=/usr/share/man --infodir=/usr/share/info --cache-file=../config.cache --with-libdir=lib --with-config-file-path=/etc --with-config-file-scan-dir=/etc/php.d --enable-debug --with-pic --disable-rpath --with-bz2 --with-curl --with-exec-dir=/usr/bin --with-freetype-dir=/usr --with-png-dir=/usr --enable-gd-native-ttf --without-gdbm --with-gettext --with-gmp --with-iconv --with-jpeg-dir=/usr --with-openssl            --with-pspell                       --with-pcre-regex=/usr/local --with-zlib --with-layout=GNU --enable-exif --enable-ftp --enable-magic-quotes --enable-sockets --enable-sysvsem --enable-sysvshm --enable-sysvmsg                                                    --enable-wddx --with-pear=/usr/share/pear --with-kerberos --enable-ucd-snmp-hack --with-unixODBC=shared,/usr                       --enable-shmop --enable-calendar                           --with-mime-magic=/etc/httpd/conf/magic --without-sqlite --with-libxml-dir=/usr/local --enable-force-cgi-redirect --enable-pcntl --with-imap=shared --with-imap-ssl --enable-mbstring=shared                          --enable-mbregex --with-ncurses=shared --with-gd=shared --enable-bcmath=shared --enable-dba=shared --with-db4=/usr --with-xmlrpc=shared --with-ldap=shared --with-mysql=shared,/usr --with-mysqli=shared,/usr/bin/mysql_config --enable-dom=shared --with-pgsql=shared --with-snmp=shared,/usr --enable-soap=shared --with-xsl=shared,/usr --enable-fastcgi --with-pcre-dir=/usr/local --enable-xmlreader=shared --with-mcrypt --with-mhash --with-config-file-path=/etc/php-testing --with-config-file-scan-dir=/etc/php-testing/php.d

Here is how I ran the test:

# TEST_PHP_EXECUTABLE=sapi/cli/php sapi/cli/php ./run-tests.php ext/openssl/tests/004.phpt

=====================================================================
PHP         : sapi/cli/php
PHP_SAPI    : cli
PHP_VERSION : 5.2.7RC3-dev
ZEND_VERSION: 2.2.0
PHP_OS      : Linux - Linux host.uuserver.net 2.6.20.1 #16 SMP Thu Nov 8 14:19:44 EST 2007 i686
INI actual  : /etc/php-testing/php.ini
More .INIs  : /etc/php-testing/php.d/mbstring.ini,/etc/php-testing/php.d/mysql.ini,/etc/php-testing/php.d/mysqli.ini,/etc/php-testing/php.d/soap.ini,/etc/php-testing/php.d/xmlrpc.ini
CWD         : /usr/local/src/php5.2-200811022130
Extra dirs  :
VALGRIND    : Not used
=====================================================================
Running selected tests.
FAIL openssl_csr_new() tests [ext/openssl/tests/004.phpt]
=====================================================================
Number of tests :    1                 1
Tests skipped   :    0 (  0.0%) --------
Tests warned    :    0 (  0.0%) (  0.0%)
Tests failed    :    1 (100.0%) (100.0%)
Expected fail   :    0 (  0.0%) (  0.0%)
Tests passed    :    0 (  0.0%) (  0.0%)
---------------------------------------------------------------------
Time taken      :    1 seconds
=====================================================================

=====================================================================
FAILED TEST SUMMARY
---------------------------------------------------------------------
openssl_csr_new() tests [ext/openssl/tests/004.phpt]
=====================================================================

My openssl version is OpenSSL 0.9.8h 28 May 2008

The binary is installed at /usr/local/bin/openssl, the include directory is /usr/local/include/openssl and the configuration directory is /usr/local/openssl.

Jim





Reproduce code:
---------------
<?php

$a = 1;
var_dump(openssl_csr_new(1,$a));
var_dump(openssl_csr_new(1,$a,1,1));
$a = array();
var_dump(openssl_csr_new(array(), $a, array(), array()));

//this leaks
$a = array(1,2);
$b = array(1,2);
var_dump(openssl_csr_new($a, $b));


echo "Done\n";
?>


Expected result:
----------------
Warning: openssl_csr_new() expects parameter 1 to be array, integer given in %s on line %d
NULL

Warning: openssl_csr_new() expects parameter 1 to be array, integer given in %s on line %d
NULL

Warning: openssl_csr_new(): key array must be of the form array(0 => key, 1 => phrase) in %s on line %d

Warning: openssl_csr_new(): add1_attr_by_txt challengePassword_min -> 4 (failed) in %s on line %d
bool(false)
resource(%d) of type (OpenSSL X.509 CSR)
Done


Actual result:
--------------
Warning: openssl_csr_new() expects parameter 1 to be array, integer given in /usr/local/src/php5.2-200811022130/ext/openssl/tests/004.php on line 4
NULL

Warning: openssl_csr_new() expects parameter 1 to be array, integer given in /usr/local/src/php5.2-200811022130/ext/openssl/tests/004.php on line 5
NULL

Warning: openssl_csr_new(): key array must be of the form array(0 => key, 1 => phrase) in /usr/local/src/php5.2-200811022130/ext/openssl/tests/004.php on line 7
Segmentation fault (core dumped)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2008-11-03 01:21 UTC] hostmaster at uuism dot net

My php.ini file is exactly the same as php.ini-recommended

[2008-11-03 03:03 UTC] hostmaster at uuism dot net

I installed OpenSSL 0.9.8i 15 Sep 2008 and compiled PHP again, keeping everything else the same, except that I ran configure with --disable-debug.

When I run test script ext/openssl/tests/004.phpt not, it passes.

Jim

[2008-11-03 03:04 UTC] hostmaster at uuism dot net

That last sentence should be:

When I run test script ext/openssl/tests/004.phpt NOW, it passes.

Jim

[2008-11-03 08:14 UTC] pajoye@php.net

Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

[2008-11-04 00:33 UTC] hostmaster at uuism dot net

here is the backtrack;

Core was generated by `sapi/cli/php-debug -d output_handler= -d open_basedir= -d safe_mode=0 -d disabl'.
Program terminated with signal 11, Segmentation fault.
#0  0x004c48a5 in memcpy () from /lib/libc.so.6
(gdb) bt
#0  0x004c48a5 in memcpy () from /lib/libc.so.6
#1  0x083ebdcd in ASN1_STRING_set ()
#2  0x0057dff4 in ?? () from /lib/libc.so.6
#3  0x0057f880 in ?? () from /lib/libc.so.6
#4  0x00000000 in ?? ()
(gdb) frame 0
#0  0x004c48a5 in memcpy () from /lib/libc.so.6
(gdb) print (char *)(executor_globals.function_state_ptr->function)->common.function_name
$1 = 0x845d2db "openssl_csr_new"
(gdb) print (char *)executor_globals.active_op_array->function_name
$2 = 0x0
(gdb) print (char *)executor_globals.active_op_array->filename
$3 = 0xb7cbb0ac "/usr/local/src/php5.2-200811022130/ext/openssl/tests/004.php"

[2008-11-30 22:39 UTC] pajoye@php.net

"When I run test script ext/openssl/tests/004.phpt NOW, it passes."

Missed that, no bug in php > use a recent. Not a bug  > bogus

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Apr 19 18:01:28 2024 UTC